‪TYPO3CMS  ‪main
SecurityAspect.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Context;
19 
20 use ‪TYPO3\CMS\Core\Security\Nonce;
21 use ‪TYPO3\CMS\Core\Security\NoncePool;
22 use ‪TYPO3\CMS\Core\Security\RequestToken;
23 use ‪TYPO3\CMS\Core\Security\SigningSecretResolver;
24 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
25 
29 class ‪SecurityAspect implements ‪AspectInterface
30 {
35  protected ‪RequestToken|false|null ‪$receivedRequestToken = null;
36 
37  protected ‪SigningSecretResolver ‪$signingSecretResolver;
38 
39  protected ‪NoncePool ‪$noncePool;
40 
41  public static function ‪provideIn(‪Context $context): self
42  {
43  if ($context->‪hasAspect('security')) {
44  $securityAspect = $context->‪getAspect('security');
45  }
46  if (!isset($securityAspect) || !$securityAspect instanceof ‪SecurityAspect) {
47  $securityAspect = GeneralUtility::makeInstance(SecurityAspect::class);
48  $context->‪setAspect('security', $securityAspect);
49  }
50  return $securityAspect;
51  }
52 
53  public function ‪__construct()
54  {
55  $this->noncePool = GeneralUtility::makeInstance(NoncePool::class);
56  $this->signingSecretResolver = GeneralUtility::makeInstance(
57  SigningSecretResolver::class,
58  [
59  'nonce' => $this->noncePool,
60  // @todo enrich in separate step with `*FormProtection`
61  ]
62  );
63  }
64 
65  public function get(string $name): null|bool|‪Nonce|‪RequestToken
66  {
67  return match ($name) {
68  'receivedRequestToken' => ‪$this->receivedRequestToken,
69  'signingSecretResolver' => ‪$this->signingSecretResolver,
70  'noncePool' => ‪$this->noncePool,
71  default => null,
72  };
73  }
74 
75  public function ‪getReceivedRequestToken(): ‪RequestToken|false|null
76  {
77  return ‪$this->receivedRequestToken;
78  }
79 
80  public function ‪setReceivedRequestToken(‪RequestToken|false|null ‪$receivedRequestToken): void
81  {
82  $this->receivedRequestToken = ‪$receivedRequestToken;
83  }
84 
89  public function ‪getSigningSecretResolver(): ‪SigningSecretResolver
90  {
91  return ‪$this->signingSecretResolver;
92  }
93 
94  public function ‪getNoncePool(): ‪NoncePool
95  {
96  return ‪$this->noncePool;
97  }
98 
103  public function ‪provideNonce(): ‪Nonce
104  {
105  return $this->noncePool->provideSigningSecret();
106  }
107 }
‪TYPO3\CMS\Core\Context\SecurityAspect\provideIn
‪static provideIn(Context $context)
Definition: SecurityAspect.php:41
‪TYPO3\CMS\Core\Security\SigningSecretResolver
Definition: SigningSecretResolver.php:26
‪TYPO3\CMS\Core\Context\SecurityAspect\getNoncePool
‪getNoncePool()
Definition: SecurityAspect.php:94
‪TYPO3\CMS\Core\Context\Context\getAspect
‪getAspect(string $name)
Definition: Context.php:97
‪TYPO3\CMS\Core\Context
Definition: AspectInterface.php:18
‪TYPO3\CMS\Core\Context\SecurityAspect\$noncePool
‪NoncePool $noncePool
Definition: SecurityAspect.php:39
‪TYPO3\CMS\Core\Context\Context
Definition: Context.php:55
‪TYPO3\CMS\Core\Context\SecurityAspect\provideNonce
‪provideNonce()
Definition: SecurityAspect.php:103
‪TYPO3\CMS\Core\Context\Context\setAspect
‪setAspect(string $name, AspectInterface $aspect)
Definition: Context.php:152
‪TYPO3\CMS\Core\Security\RequestToken
Definition: RequestToken.php:26
‪TYPO3\CMS\Core\Context\SecurityAspect\__construct
‪__construct()
Definition: SecurityAspect.php:53
‪TYPO3\CMS\Core\Context\SecurityAspect
Definition: SecurityAspect.php:30
‪TYPO3\CMS\Core\Context\SecurityAspect\$receivedRequestToken
‪RequestToken false null $receivedRequestToken
Definition: SecurityAspect.php:35
‪TYPO3\CMS\Core\Context\SecurityAspect\getReceivedRequestToken
‪getReceivedRequestToken()
Definition: SecurityAspect.php:75
‪TYPO3\CMS\Core\Context\AspectInterface
Definition: AspectInterface.php:27
‪TYPO3\CMS\Core\Context\Context\hasAspect
‪hasAspect(string $name)
Definition: Context.php:75
‪TYPO3\CMS\Core\Context\SecurityAspect\setReceivedRequestToken
‪setReceivedRequestToken(RequestToken|false|null $receivedRequestToken)
Definition: SecurityAspect.php:80
‪TYPO3\CMS\Core\Security\NoncePool
Definition: NoncePool.php:24
‪TYPO3\CMS\Core\Context\SecurityAspect\$signingSecretResolver
‪SigningSecretResolver $signingSecretResolver
Definition: SecurityAspect.php:37
‪TYPO3\CMS\Core\Security\Nonce
Definition: Nonce.php:29
‪TYPO3\CMS\Core\Context\SecurityAspect\getSigningSecretResolver
‪getSigningSecretResolver()
Definition: SecurityAspect.php:89
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:51